cloudflare · ranbel · May 5, 2025 · May 5, 2025 · May 5, 2025
@@ -7,7 +7,7 @@ head: []
 description: Automatically deploy a root certificate on desktop devices.
 ---
 
-import { Details } from "~/components";
+import { Details, Render } from "~/components";
 
 <Details header="Feature availability">
 
@@ -46,9 +46,11 @@ To configure WARP to install a root certificate on your organization's devices:
 5. [Enroll the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) in your Zero Trust organization.
 6. (Optional) If the device is running macOS Big Sur or newer, [manually trust the certificate](#manually-trust-the-certificate).
 
-WARP will now download any [certificates set to **Available**](/cloudflare-one/connections/connect-devices/user-side-certificates/#activate-a-root-certificate). It may take up to 24 hours for newly available certificates to download to your users' devices.
+WARP will now download any [certificates set to **Available**](/cloudflare-one/connections/connect-devices/user-side-certificates/#activate-a-root-certificate). After download, WARP will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem` and append the contents to the `installed_cert.pem` file. If you have any scripts using `installed_cert.pem`, Cloudflare recommends you set them to use the individual files in the `installed_certs/` directory instead. `installed_certs.pem` will be deprecated by 2025-06-31.
 
-After download, WARP will add the certificates to the device's system certificate store in `installed_certs/<certificate_id>.pem` and append the contents to the `installed_cert.pem` file. If you have any scripts using `installed_cert.pem`, Cloudflare recommends you set them to use the individual files in the `installed_certs/` directory instead. `installed_certs.pem` will be deprecated by 2025-06-31.
+:::note
+<Render file="warp/client-notification-lag" product="cloudflare-one" />
+:::
 
 WARP does not install certificates to individual applications. You will need to [manually add certificates](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) to applications that rely on their own certificate store instead of the system certificate store.
 

@@ -114,7 +114,7 @@ Send a `POST` request to the [Devices API](/api/resources/zero_trust/subresource
 
 4. Select **Save profile**.
 
-The new settings may take up to 24 hours to propagate to devices.
+ <Render file="warp/client-notification-lag" product="cloudflare-one" />
 
 ## Verify device profile
 

@@ -13,7 +13,7 @@ Split Tunnels can be configured to exclude or include IP addresses or domains fr
 Split Tunnels only impacts the flow of IP traffic. DNS requests are still resolved by Gateway and subject to DNS policies unless you add the domains to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) configuration.
 :::
 
-Because Split Tunnels controls what Gateway has visibility on at the network level, we recommend testing all changes before rolling out updates to end users. It may take up to 10 minutes for changes to propagate to clients, depending on how many devices are connected to your organization.
+Because Split Tunnels controls what Gateway has visibility on at the network level, we recommend testing all changes before rolling out updates to end users.
 
 ## Change Split Tunnels mode
 
@@ -97,4 +97,6 @@ Removing default Split Tunnel entries may cause users to lose Internet connectiv
 3. Under **Split Tunnels**, select **Manage**.
 4. Find the IP address or hostname in the list and select **Delete**.
 
+<Render file="warp/client-notification-lag" product="cloudflare-one" />
+
 If you need to revert to the default Split Tunnel entries recommended by Cloudflare, select **Restore default entries**.
@@ -19,6 +19,10 @@ WARP settings define the WARP client modes and permissions available to end user
 - [Global settings](#global-settings) apply to all devices enrolled in your Zero Trust organization.
 - [Device settings](#device-settings) may vary across devices depending on which [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) is applied.
 
+:::note
+<Render file="warp/client-notification-lag" product="cloudflare-one" />
+:::
+
 ## Global settings
 
 ### Admin override
@@ -107,7 +111,7 @@ This setting is primarily used as a prerequisite for [WARP Connector](/cloudflar
 
 - `Disabled`: (default) Sets the local interface IP to `172.16.0.2` on all devices. This configuration is only respected by devices using [WireGuard](#device-tunnel-protocol) and does not affect devices using [MASQUE](#device-tunnel-protocol).
 
-- `Enabled`: Sets the local interface IP on each device to its <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip>. The change takes effect within 24 hours.
+- `Enabled`: Sets the local interface IP on each device to its <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip>.
 
 The CGNAT IP assigned to a WARP device is permanent until the device unregisters from your Zero Trust organization. Disconnects and reconnects do not change the IP address assignment.
 
@@ -181,7 +185,7 @@ When `Enabled`, users have the option to switch between [Gateway with WARP](/clo
 
 </Details>
 
-Configures the protocol used to route IP traffic from the device to Cloudflare Gateway. It may take up to 24 hours for all devices to switch to the new protocol. To check the active protocol on a device, open a terminal and run `warp-cli settings | grep protocol`.
+Configures the protocol used to route IP traffic from the device to Cloudflare Gateway. To check the active protocol on a device, open a terminal and run `warp-cli settings | grep protocol`.
 
 **Value**:
 

@@ -217,7 +217,7 @@ After enabling certificate propagation, you must update your certificate:
 
 For WARP versions on or above 2024.12.554.0, selecting **Activate** will download the new certificate to end-user devices.
 
-Certificate propagation to end-user devices can take up to 24 hours, but can be expedited by resetting the encryption keys.
+Certificate propagation to end-user devices can take up to 10 minutes, but can be expedited by resetting the encryption keys.
 
 To reset the encryption keys:
 

@@ -5,6 +5,8 @@ sidebar:
   order: 4
 ---
 
+import { Render } from "~/components";
+
 DEX rules allow you to create and manage testing policies for targeted user groups within your [fleet](/cloudflare-one/insights/dex/tests/). After creating a rule, you can use it to define the scope of a [test](/cloudflare-one/insights/dex/tests/) to specific groups such as departments (like finance or sales), devices, and/or users. You can apply and reuse rules on your desired tests.
 
 DEX rules are ideal for admins who want to define the scope of a test to a specific group within their fleet to allow for more precise problem detection and resolution.
@@ -48,7 +50,7 @@ To add a rule to a test:
 4. Select **Save test** for an existing rule or **Add rule** for the new test.
 
 :::note
-When applying or removing rules from an existing test, your change can take up to 24 hours to propagate.
+<Render file="warp/client-notification-lag" product="cloudflare-one" />
 :::
 
 To view which tests a rule is being applied to:

@@ -2,7 +2,7 @@
 {}
 ---
 
-import { GlossaryTooltip, TabItem, Tabs } from "~/components";
+import { GlossaryTooltip, TabItem, Tabs, Render } from "~/components";
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
 2. Under **Device settings**, locate the [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) you would like to modify and select **Configure**.
@@ -33,4 +33,6 @@ import { GlossaryTooltip, TabItem, Tabs } from "~/components";
 
 		</TabItem> </Tabs>
 
+<Render file="warp/client-notification-lag" product="cloudflare-one" />
+
 We recommend keeping the Split Tunnels list short, as each entry takes time for the client to parse. In particular, domains are slower to action than IP addresses because they require on-the-fly IP lookups and routing table / local firewall changes. A shorter list will also make it easier to understand and debug your configuration. For information on device profile limits, refer to [Account limits](/cloudflare-one/account-limits/#warp).
@@ -0,0 +1,6 @@
+---
+{}
+
+---
+
+It may take up to 10 minutes for newly updated settings to propagate to devices.